On 12/07/14 15:39, toby-exim@??? wrote:
> On 28/06/2014 10:01:06, "Jasen Betts" <jasen@???> wrote:
>
>> On 2014-06-27, Sean Donelan <sean@???> wrote:
>>
>>> It appears the RFC2047 decode in Exim can be tricked, and the spammers
>>> have figured out how to exploit it.
>>>
>>> For example, this is a recent MIME part (I added "_")
>>>
>>> Content-Type: application/x-zip-compressed;
>>> name="&_#_1057_;opy_of_Document_ID7851.zip"
>>> Content-Transfer-Encoding: base64
>>> Content-Disposition: attachment;
>>> filename="&_#_1057_;opy_of_Document_ID7851.zip"
>>>
>>> When Exim expands the variable $mime_filename the result
>>> is only "&_#_1057" and nothing else (again _'s added)
>> Still, it looks like a bug in Exim. I'm fairly sure the RFCs say that
>> semicolons are not significant inside quoted words.
> I've got some anti-zipfile protection in my config and some zipfiles are
> making it through because the filename is like that. This has started
> happening recently, so it's not just you, Sean.
>
> My mail client also cuts the filename at the semi-colon, for what it's
> worth.
HEAD now contains a probable fix for this. Confirmation from production
systems exposed to the wild would be very welcome.
--
Cheers,
Jeremy
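
Added example, not part of the original thread and not Exim's code: a minimal Python sketch of the parsing difference discussed above, comparing a split on every ';' with a split that honours quoted-strings, and showing how an extension check on the truncated name misses the attachment. The function names and the `BLOCKED_EXTENSIONS` policy are hypothetical; the sample header is constructed from the filename quoted in the thread (underscores as added by the poster).

```python
# Constructed sample header using the filename quoted in the thread.
SAMPLE = 'attachment; filename="&_#_1057_;opy_of_Document_ID7851.zip"'

BLOCKED_EXTENSIONS = (".zip",)  # hypothetical site policy


def naive_param(header, name):
    """Split on every ';', ignoring quoting (the truncating behaviour)."""
    for part in header.split(";")[1:]:
        key, _, value = part.strip().partition("=")
        if key.lower() == name:
            return value.strip('"')
    return None


def split_params(header):
    """Split on ';' only outside a quoted-string; quotes are removed."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in header:
        if escaped:
            buf.append(ch)          # quoted-pair: take the char literally
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def quoted_param(header, name):
    """Return the named parameter using the quote-aware splitter."""
    for part in split_params(header)[1:]:
        key, _, value = part.strip().partition("=")
        if key.strip().lower() == name:
            return value.strip()
    return None


def is_blocked(filename):
    """Extension check as an attachment filter might apply it."""
    return filename is not None and filename.lower().endswith(BLOCKED_EXTENSIONS)
```

A filter can also treat any disagreement between the two results as a signal in its own right, since a legitimate sender rarely puts a semicolon inside a quoted filename.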